MI5's newly appointed boss has suggested that his predecessor might have spoken too much about cyber-attacks rather than conventional terrorism in a speech attempting to justify controversial surveillance programs by GCHQ and the NSA.
Andrew Parker, director general of the security service, made the remarks in a speech to the Royal United Services Institute in London on Tuesday. It's his first published speech as director-general of MI5, a position he took over from Sir Jonathan Evans.
"My predecessor spoke last year about cyber threats," said Parker, according to an official transcript of the speech. "This evening I am majoring on terrorism. Describing the reality of the terrorism threat we face is challenging in public discourse. I've heard too much exaggeration at one end, while at the other there can sometimes be an alarming degree of complacency."
Parker went on to describe how "terrorism, espionage, cyber attack, and weapons of mass destruction are all features of the darker side of our modern world" that MI5 strives to combat.
"Over recent decades new threats have emerged (Al Qaeda), old ones have fallen away (Cold War subversion), mutated (Northern Ireland-related terrorism) or branched out in new forms (cyber espionage)," he added.
The secret service boss, a 30 year veteran of MI5, led its response to the 7 July 2005 London bombings and the 2006 transatlantic aircraft plot as deputy director general. The vast majority of his speech focused on the international terrorist threat from Al-Qaeda and its affiliates as well as how accelerating technological change is altering MI5's work.
Helping the bad guys
Parker controversially argued that Snowden's leaks in publicising the "reach and limits of GCHQ techniques" has the effect of "handing the advantage to the terrorists".
"Reporting from GCHQ is vital to the safety of this country and its citizens," he said. "GCHQ intelligence has played a vital role in stopping many of the terrorist plots that MI5 and the police have tackled in the past decade. We are facing an international threat and GCHQ provides many of the intelligence leads upon which we rely. It makes a vital contribution to most of our high priority investigations. It causes enormous damage to make public the reach and limits of GCHQ techniques. Such information hands the advantage to the terrorists. It is the gift they need to evade us and strike at will. Unfashionable as it might seem, that is why we must keep secrets secret, and why not doing so causes such harm."
Parker sought to explain how individuals known to MI5 have gone on to plan, or in some cases execute terrorist plots. "With greater resources since 7/7 we have worked very hard to identify as many as possible of the people in the country who are active in some way in support of terrorism," he explained.
"Knowing of an individual does not equate to knowing everything about them. Being on our radar does not necessarily mean being under our microscope. The reality of intelligence work in practice is that we only focus the most intense intrusive attention on a small number of cases at any one time."
The idea that we either can or would want to operate intensive scrutiny of thousands is fanciful. This is not East Germany, or North Korea. And thank goodness it's not.
The MI5 boss went on to highlight "accelerating technology" change as well as the "diversifying threat landscape" as the two principal challenges facing the security service.
The impact of tech on the spooks' legit work
Net technologies make it a bigger challenges for security services to track terrorists, Parker claimed.
"The internet is used by terrorists for many purposes: broadcasting their propaganda, radicalising vulnerable individuals, arranging travel, buying items, moving money and so on. But the primary issue is communication.
"The internet and related technologies offer a rather different world - better in so many ways, but better too for the terrorists. Through e-mail, IP telephony, in-game communication, social networking, chat rooms, anonymising services, and a myriad of mobile apps, the terrorist has tens of thousands of means of communication. Many of those routes are now encrypted."
Parker controversially suggests that terrorist use of encryption justifies attempts by signals intelligence agencies such as the NSA and GCHQ to weaken internet standards, plant backdoors and capture all the traffic flowing through international cables as well as running dragnet internet surveillance programmes such as Prism. Parker did not refer to any of these directly, instead describing them as "tools" necessary to uncover the nefarious plots of terrorists.
"How the UK decides to respond to these developments will directly determine the level of security available against the threats we face. Retaining the capability to access such information is intrinsic to MI5's ability to protect the country.
Staying at the cutting edge
"Shifts in technology can erode our capabilities. There are choices to be made, including, for example, about how and whether communications data is retained. It is not, however, an option to disregard such shifts with an unspoken assumption that somehow security will anyway be sustained. It will not. We cannot work without tools."
The ongoing Snowden revelations suggest otherwise, but Parker sought to justify internet surveillance as proportionate and legally authorised under a regime operating with strict controls. This echoes the arguments of US spooks.
"Technologies advance all the time. But MI5 will still need the ability to read or listen to terrorists' communications if we are to have any prospect of knowing their intentions and stopping them. The converse to this would be to accept that terrorists should have means of communication that they can be confident are beyond the sight of MI5 or GCHQ acting with proper legal warrant."
Parker also dismissed the idea that GCHQ is indiscriminately snooping on the entire web, claiming instead that his agency only monitored those threatening national security.
We only apply intrusive tools and capabilities against terrorists and others threatening national security. The law requires that we only collect and access information that we really need to perform our functions, in this case tackling the threat of terrorism. In some quarters there seems to be a vague notion that we monitor everyone and all their communications, browsing at will through people's private lives for anything that looks interesting. That is, of course, utter nonsense.
Parker concluded by seeking to deny criticism that the security services were operating dragnet surveillance programs:
"Far from being gratuitous harvesters of private information, in practice we focus our work very carefully and tightly against those who intend harm. The law requires it. All our internal controls, systems and authorisation levels are built accordingly and subject to independent inspection and oversight." ®